Thursday, 19 February 2015

Creating Your Own Helper for the Azure AD Graph API

If you want to implement Azure AD in an enterprise solution, you will probably be looking to add extensions (attributes) to users, so you can store things like Company Name or Twitter Account. I agree you could save that in a nice table in a database, but why do that when you can use Azure AD as the database to store all these details?

This technique eliminates a dependency and makes the application more scalable. At the end of the day, Azure AD is a black box we can’t “invade”, but we can manipulate it.

In this post you will see a few things you will need in order to make Azure AD genuinely useful, such as:

Adding/removing extensions.

Overriding the claims so we can extract the extensions.

The first thing we are going to do is create an out-of-the-box MVC application which will hold our UI for performing the actions. Below that we will create our helper with the actions and models.

So let’s get started… Add a new MVC project and click OK. Then click on Change Authentication:

Select Organizational Accounts and in the Domain box enter your tenant; it could be somekindofcompany.onmicrosoft.com (if you don’t have a domain you will need to create one on Azure; this is a nice post if you don’t have a clue). Select “Sign on, read and write …”: at the end of the day you are going to be manipulating the Azure AD tenant, so you need those permissions. You will then be prompted to log in; log in with the admin account, go for it, and click OK.

Now, if you run the application you will be prompted with the login screen; just log in and you will see the default page. At this stage, if you manage to log in, you will realize that you have a nice little token to perform RESTful operations from your application. This is what you should get after doing the login:

Ok! So far so good…

Let’s add a project to the solution. This project will be the one in charge of keeping the models for our application and doing the RESTful operations. It will not care about the tenant, client id, etc.; we will be passing those in. So, add a new project to the solution and call it AADGraphAPIManager; when you finish, remove Class1.cs. This is how our solution should look:

Now we are going to create two folders in the AADGraphAPIManager project, one called Models and the other called Services. Under Models we are going to add a class called AADGraphApiModel.cs.

Inside this class let’s copy the model from Graph API version 1.5. I assume that in a few months’ time we will have a new version, but don’t worry, apparently Microsoft is going to be supporting all the versions for a while. (The code is below.)

As you probably noticed, JsonProperty is highlighted; that is because we need to add the Newtonsoft.Json package to recognise the attributes. You could use the Windows ones, but I suspect you are used to Newtonsoft. To add the NuGet package, go to your Package Manager Console, select this project and type: Install-Package Newtonsoft.Json. It should look something like this:

Let’s add under our “Services” folder a new class called GraphAPIQuery.cs and add the code below. You will need to install the following NuGet packages in your project:

All these operations are the basic ones; we will extend the code with a wrapper around GraphAPIQuery. I am not going to explain the whole process, but you have to focus on adding extensions. To add an extension to a group or user you need to create the group or the user first. That basically means you have to make two calls. Unfortunately there is no way around it.

Another issue comes when you go to Azure AD to edit groups or users: don’t expect to find the extensions in the Azure portal, so you need to create a user interface for that with CRUD operations via the web.

I am going to post the code so you can have a look, but remember this is a beta version; there is plenty of stuff that needs cleaning up. At least you will be able to see how you can create extensions for groups and users, so you can extend it for your own purposes. I have mixed different ways of doing the calls as well as serialization, so you can grab your favourites.

To make this work, you need to instantiate UserOperations and pass the appPrincipalId (the ClientID of the Azure application instance, a string like "8353c878-c925-4567-b900-0985b0805e6a"), the appKey (the unique key of the Azure application instance, a string like "GJu+cHCkinvK9HvSY60LDH7347x4CgMvXJz2udiEzes="), and the ClaimsPrincipal (you just need to pass ClaimsPrincipal.Current).
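Since the post’s own helper code is not reproduced here, the following is an added example (not the author’s UserOperations class) showing the same two-call shape against the Azure AD Graph API version 1.5: first the extension is registered on the application object, then it is written on an existing user, and finally the value is read back and pushed into the signed-in user’s claims. It assumes Newtonsoft.Json and ADAL 2.x (Microsoft.IdentityModel.Clients.ActiveDirectory) are installed; the tenant id is taken from the signed-in ClaimsPrincipal, and the appObjectId, userPrincipalName and attribute name are placeholders supplied by the caller. The appKey is a credential, so it should come from configuration rather than source.

```csharp
// Added example, not the post's own code. Assumes ADAL 2.x and Newtonsoft.Json.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public class ExtensionPropertyModel
{
    [JsonProperty("name")] public string Name { get; set; }
    [JsonProperty("dataType")] public string DataType { get; set; }
    [JsonProperty("targetObjects")] public List<string> TargetObjects { get; set; }
}

public class GraphExtensionHelper
{
    private const string GraphResource = "https://graph.windows.net";
    private const string ApiVersion = "1.5";
    private readonly string _tenantId, _appPrincipalId, _appKey;

    // appPrincipalId = ClientID, appKey = application key (keep it in config, not in code).
    public GraphExtensionHelper(string appPrincipalId, string appKey, ClaimsPrincipal principal)
    {
        _appPrincipalId = appPrincipalId;
        _appKey = appKey;
        // The tenant id is carried in the signed-in user's token under this claim type.
        _tenantId = principal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    }

    // Client-credential flow: the application itself gets a token for the Graph resource.
    private HttpClient NewClient()
    {
        var ctx = new AuthenticationContext("https://login.windows.net/" + _tenantId);
        var token = ctx.AcquireToken(GraphResource, new ClientCredential(_appPrincipalId, _appKey));
        var client = new HttpClient();
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
        return client;
    }

    private string Url(string path)
    {
        return string.Format("{0}/{1}/{2}?api-version={3}", GraphResource, _tenantId, path, ApiVersion);
    }

    // Call 1: register the extension on the application object (once per attribute).
    // appObjectId is the application's objectId, not its ClientID. Graph answers with
    // the full property name, e.g. "extension_<ClientID without dashes>_companyName".
    public string RegisterExtension(string appObjectId, string attributeName)
    {
        var model = new ExtensionPropertyModel
        {
            Name = attributeName, DataType = "String", TargetObjects = new List<string> { "User" }
        };
        using (var client = NewClient())
        {
            var body = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, "application/json");
            var response = client.PostAsync(Url("applications/" + appObjectId + "/extensionProperties"), body).Result;
            response.EnsureSuccessStatusCode();
            return (string)JObject.Parse(response.Content.ReadAsStringAsync().Result)["name"];
        }
    }

    // Call 2: the user must already exist; PATCH the extension value onto it.
    public void SetUserExtension(string userPrincipalName, string extensionName, string value)
    {
        using (var client = NewClient())
        {
            var patch = new JObject { { extensionName, value } };
            var request = new HttpRequestMessage(new HttpMethod("PATCH"), Url("users/" + userPrincipalName))
            {
                Content = new StringContent(patch.ToString(), Encoding.UTF8, "application/json")
            };
            client.SendAsync(request).Result.EnsureSuccessStatusCode();
        }
    }

    // Read the extension back; null when the user has no value for it.
    public string GetUserExtension(string userPrincipalName, string extensionName)
    {
        using (var client = NewClient())
        {
            var response = client.GetAsync(Url("users/" + userPrincipalName)).Result;
            response.EnsureSuccessStatusCode();
            var user = JObject.Parse(response.Content.ReadAsStringAsync().Result);
            return (string)user[extensionName];
        }
    }

    // "Override the claims": surface the stored extension as a claim on the current identity,
    // so controllers can read it from ClaimsPrincipal.Current instead of calling Graph again.
    public void AddExtensionClaim(ClaimsIdentity identity, string userPrincipalName, string extensionName)
    {
        var value = GetUserExtension(userPrincipalName, extensionName);
        if (value != null && !identity.HasClaim(extensionName, value))
            identity.AddClaim(new Claim(extensionName, value));
    }
}
```

Usage follows the order the post describes: RegisterExtension is run once per attribute (it fails if the name is already registered), SetUserExtension is run after the user exists, and AddExtensionClaim is called from the MVC side once the user has signed in. Because each extension property name embeds the ClientID, a different application registration cannot read or write these values without registering its own.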

About Me

I am a dedicated software developer who has been programming since I was 9 years old, when I made my first game on an Amstrad 128kb... after 25 years I keep doing the same stuff with different systems... If you have any problems or you want to contribute to this blog please email me at gabrielrenom@gmail.com

I have been developing applications for mobile devices since the late 90s. I remain dedicated to mobile development, working with iPhone, iPad, iPod touch, Windows Mobile and Android platforms, and having my own column in the US magazine i.Business, www.ibusinessmag.com.
Currently working in the legal industry for DWF LLP.